Do you disable insecure protocols?
For better server security (especially on public-facing servers), certain insecure protocols and ciphers should be disabled.
Using a tool called "IIS Crypto 2.0" by Nartac, these protocols can be disabled easily, without having to manually edit the registry keys.
- Download IIS Crypto 2.0 (https://www.nartac.com/Products/IISCrypto/Download)
- Run this on the server you wish to lock down
- Click the "Best Practices" button
- Ensure that TLS 1.0 is also disabled and click "Apply"
- The server will need to be rebooted before the settings take effect
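
After the reboot, the result can be checked by reading back the Schannel registry keys that the tool edits. The script below is an added example, not part of the original rule or of IIS Crypto; it is read-only, and the protocol list beyond TLS 1.0 is an assumption about what should be off on the server.

```powershell
# Added example: read-only audit of Schannel server-side protocol settings.
# Assumption: the protocols to check; the page itself names only TLS 1.0.
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [ValidateSet('Server', 'Client')][string]$Role = 'Server'
    )

    $key   = Join-Path $base (Join-Path $Protocol $Role)
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # A missing key or value means Windows uses its built-in default,
    # which on older releases leaves the protocol enabled.
    if ($null -eq $props -or $null -eq $props.Enabled) {
        $state = 'NotConfigured'
    } elseif ($props.Enabled -eq 0) {
        $state = 'Disabled'
    } else {
        $state = 'Enabled'
    }

    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        State             = $state
        Enabled           = $props.Enabled
        DisabledByDefault = $props.DisabledByDefault
    }
}

$results = foreach ($p in $protocols) { Get-SchannelProtocolState -Protocol $p }
$results | Format-Table -AutoSize

# Anything not explicitly set to Enabled = 0 needs another look.
$notDisabled = @($results | Where-Object { $_.State -ne 'Disabled' })
if ($notDisabled.Count -gt 0) {
    Write-Warning ("Not explicitly disabled: " + ($notDisabled.Protocol -join ', '))
} else {
    Write-Output 'All listed protocols are explicitly disabled for the Server role.'
}
```

A state of NotConfigured is reported separately from Disabled because the effective behaviour then depends on the Windows version's default.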